MESSAGE IDENTIFICATION WITH CONFIDENTIALITY, INTEGRITY, AND SOURCE AUTHENTICATION

Field of the Invention

The present invention relates to the encoding and transmission of secure messages, in particular relating to aspects of confidentiality, integrity and auditability of messages in terms of authentication and integrity checking. In addition, the invention relates to reliable operation of such messaging functions in a network environment in which transmission delay and loss or duplication of messages can occur.

Background of the Invention

The advent of secure storage and processing devices such as smart-cards, coupled with an increasing use of practicable electronic commerce technology, has highlighted shortcomings in secure message transfer technology, in particular the robustness and auditability of secure messages when transmitted over different types of "best effort" networks.

Fundamental requirements for electronic commerce include the ability to transmit and receive messages with an acceptable level of confidentiality and integrity, where this level depends on the particular commercial application. In addition, reliable authentication of these messages, namely identification and verification of the source of a received message, is also needed to ensure that fraudulent transactions are not being initiated.

Emerging best effort networks such as wireless and the Internet place additional demands on messaging technology, since message delay, loss and occasionally duplication do occur.

Standard cryptographic and authentication functions often exact a commercially prohibitive penalty on secure messaging, because of their requirement for significant overhead data and associated complex equipment to provide the cryptographic and/or authentication functions. Available techniques have also not been proven to be reliable or efficient in the context of the aforementioned best effort networks.

It is an object of the present invention to ameliorate one or more disadvantages of the prior art.

Summary of the Invention

According to a first aspect of the invention, there is provided a method for encoding and transmitting by an originating device of a secure message, the method comprising the steps of:

(a) generating, by a first process using an application identifier and an application value, a message value;

(b) combining the message value with one or more first secret values, said secret values being known substantially only to the originating device and one or more intended recipient devices of the message, to establish a secret message value;

(c) applying the secret message value and the message to an encoding process to form a secure message block; and

(d) combining an address with a device identifier, the application identifier, the application value and the secure message block, to form a secure message for transmission which is decodable by the one or more of said intended recipient devices, which thereby recover the message, the address, the device identifier, the application identifier and the application value.

According to another aspect of the invention, there is provided a method for reception of a securely transmitted message by a recipient device, the method comprising the steps of:

(i) extracting an application identifier and application value from a received secure message;

(j) generating, by a first process using the application identifier and application value, a message value;

(k) extracting a device identifier from the secure message, whereby one or more secret values known substantially only to an originating device and the one or more intended recipient devices of the message are generated according to a second process using the device identifier and the application identifier;

(l) combining the message value with the one or more secret values to establish a secret message value;

(m) extracting a secure message block from the secure message; and

(n) applying the secret message value and the secure message block to a decoding process to form the securely transmitted message, this message having been securely transmitted by the originating device.

Brief Description of the Drawings

A number of embodiments of the invention are described with reference to the drawings, in which:

Fig. 1 depicts secure communication between Issuers and device-holders;
Fig. 2 depicts the sourcing of devices and device applications from different Issuers;
Fig. 3 depicts a device-holder performing authentication in relation to a device;
Fig. 4 illustrates incorporation of secret values into Issuer and device-holder devices;
Fig. 5 illustrates a preferred embodiment for producing a secret message unique value;
Fig. 6 depicts a preferred embodiment for production of a transmission data block;
Fig. 6a depicts an embodiment for production of a transmission data block with confidentiality and integrity protection;
Fig. 6b depicts another embodiment for production of a transmission data block with confidentiality and integrity protection;
Fig. 7 depicts another embodiment for production of a transmission data block;
Fig. 8 illustrates a preferred embodiment for reception of the secret message unique value; and
Fig. 9 illustrates a decoding process for recovery of the message.

Detailed Description

The term "comprising" as used herein has the inclusive meaning of "having" or "including" and not the exclusive meaning of "consisting only of".

The term "unique" is used herein in one of two ways. In the first instance, it is used as a label, e.g. "Unique Application Value". In the second instance, it is used to indicate the manner of parameter value selection for a number of parameters. For example, "secret values are preferably unique values" is taken to mean that secret values are chosen in a manner as to minimise the likelihood that two secret values will have the same value.

Electronic network communications involve both originators of messages, and recipients of those messages. Some communication systems dealing with applications like e-mail handling, financial services, and directed research information acquisition involve a large number of individuals communicating uni-directionally and/or bi-directionally with a small number of servers or hosts. Systems of this type are characterised by communication paths which are "many to one" or "many to few".

Turning to Fig. 1, an Issuer 100 communicates with a number of Device-holders 104 and 106 across a network 108. Another Issuer 102 communicates with the same device-holders 104 and 106, and with other device-holders (not shown) across the network 108.

Fig. 2 shows how the communication referred to in relation to Fig. 1 is performed by the Issuer 100 (see Fig. 1) using an Issuer device 200 to communicate with the device-holder 104 by means of the device-holder device 202. The Issuer device 200 communicates across the network 108 to the device-holder device 202 using corresponding applications 206 and 208 respectively, which are incorporated into the respective devices 200 and 202. The Issuer device 200, the device-holder device 202, and the applications 206 and 208 are of proprietary [...], and are either available [...]. [...] applications 206, 208 and devices 200, 202 [...] are taken to have the same meaning unless a contrary intention is stated.

The Issuer device 200 and device-holder device 202 ensure the confidentiality and integrity of communication, independent of the type of network [...], and maintain message integrity even in the event that messages are delayed, corrupted, or delivered in a different sequence to the one in which they were transmitted.

The Issuer device 200 communicates with device-holder device 202 for a variety of different purposes. These purposes include administrative functions such as exchanging logon ID/passwords and exchanging account information. They also include sending and receiving electronic mail, sending and receiving purchase information in relation to a purchase, or transacting purchases. Each communication type is associated with a particular application in the Issuer device 200 and a [...]. The applications (e.g. 214 and 206) in the Issuer device 200 can be supplied as an integrated set of applications, or alternatively as modular software applications from different sources. The same applies in regard to a suite of applications in the device-holder device 202.

Fig. 3 shows how a device-holder 104 can in some circumstances, typically at the Issuer's discretion, be required to perform an authentication procedure, as depicted by arrow 302, in regard to the device-holder device 202. This authentication [...] identification, or can use a biometric identification procedure such as placing the device-holder's thumb on a special purpose thumb-print sensor. Alternatively, passive authentication can be achieved by mere possession of the device-holder device 202.
Where required by the particular application (e.g. exemplified by 206, 208), the aforementioned authentication procedure provides authentication information which can be incorporated into the communication messages. For example, communications dealing with requests for health, financial or computer system access information commonly require, as a prerequisite to answering the request, a reliable indication that the information request has originated from a device and/or application which is known to, and authorised by, the information provider. Furthermore, the information provider must be sure that the device making the request is being used by a user who is in turn authorised to make such a request. In this case, the authentication information can be incorporated into each message, to enable the message recipient to assess the authentication status of a message at the time of receipt. The authentication or message identification information can be used for network performance assessment, in order to estimate the integrity and efficiency of the communication system, and the individual communication links. In addition, the authentication information can be used as a basis for establishing the origin, destination, sequence and timing of messages. This is usable, for example, in customer dispute resolution situations, as substantiating evidence.

The aggregate level of security provided by the Issuer device 200, the application (e.g. 206 and 208), and the device-holder device 202 is specified by the Issuer 100, to comply with his requirements and those of the device-holders 104 and 106. The Issuer will normally specify a required level of security based upon risk management assessment of the Issuer's business requirements. Tamper-resistant card-reading terminals and smart-cards are an example of a particular Issuer device 200 and associated device-holder device 202 respectively in the case, for example, where the Issuer is a bank, and the device-holder is a bank customer.

The Issuer device 200 and the device-holder device 202 (see Fig. 2) are generally arranged to erase sensitive data values held in storage if the devices are subjected to tampering or damage. Typically, in the case of multiple applications 214 and 206 being resident in the Issuer device 200 or device-holder device 202, an [...] applications [...] secret values 400 [...]. [...] it is not practicable [...] to deduce the secret values 400.

The Issuer device 200 and the device-holder device 202 are arranged to allow one or more secret values 400, known only to the Issuer device 200 and the device-holder device 202, to be stored in the [...] device 202. Typically, two secret values [...], the first for message origination, and the second for message reception. Other situations, however, only require a single secret value 400. An example of this is for secure [...], encryption [...] external storage purposes, where a single device acts as both the originator 200 and recipient 202 at differing times.

Provision of distinct secret values 400 for each application (e.g. 206, 208) within a device (e.g. 200, 202) provides for reliable and single-valued indication of both the device and application that originate a particular message. The Issuer device 200 and the device-holder device 202 are engineered in a fashion as to preclude misuse of secret values 400.

The secret values 400 are preferably unique values. This ensures not only that [...], but also that any secret value 400 has a low probability of being the same as secret values 400 used in any other device-holder device 202 or application, e.g. 218.
The corresponding applications 206 and 208 are assigned application identity values 406 and 414, to permit identification of an application or purpose for a particular message. This identification can vary between applications, or between versions of the same application. The application identity (406) can be either a numeric value (e.g. "1, 2, 3, 4, 5, 6"), or a more descriptive text string (e.g. "ABC banking system", or "ABC banking system logon step 1").

Each device-holder device 202 and Issuer device 200 is allocated a device identifier 408, 416 which might, for example, be a serial number. This provides a unique identifier for each device. The device identifier 408, 416 allows the Issuer device to know which device-holder device originates a message.

The Issuer device 200 maintains, in some secure fashion, a record of the device identifier 408, the relevant application identifier 414, and the secret values 400 associated with all the devices e.g. 202 and/or applications e.g. 208 issued by the Issuer. The Issuer device 200 stores multiple secret value sets, each set being specific to both a device and an application, while each application within a device will contain a secret value set. The Issuer stores information regarding both the devices which are registered to communicate with it, and the applications which the registered devices contain.

This is exemplified in the following table, which illustrates typical data maintained by the Issuer device 200, illustrating how a number of different secret values SVs, SVr, SVi can be associated with a record set.

| DID    | Application ID (AID)  | Secret Value Send (SVs) | Secret Value Receive (SVr) | Secret Value Integrity (SVi) |
| 123653 | remote access v1.01   | 247EB4BC8EF52           | 2F667C42C2C02              |                              |
| 123654 | remote access v1.01   | 10A6B1C8ED9F9           | 48009F1CCE203              |                              |
| 123654 | 1098756               | 99A73E7D456A8           |                            |                              |
| 123655 | ABC savings account   | 3C768B8A71C31           | 4789239EFAAB1              | 2906F8812A34E                |
| 123655 | Cash Management v2.9  | 2906F8812A346           | 387FEA1B4755C4             | C459EAC53F5A3                |
| 123656 | ABC savings account   | C459EAC53F55            | 7E89564CA2313              |                              |
| 123656 |                       | 83E76FC890323           | 345F7898AC1F5              | 11FF045A67897                |

Table 1.
[...] applications, which communicate with this Issuer. Thus device 123654 contains a first application entitled "Remote Access v1.01" and another application entitled "1098756".

Fig. 5 below illustrates how the secret value or secret values SVx in Table 1 are combined with the application identifier e.g. 406, device identifier e.g. 408, 416 and a message related value e.g. 412.

A single instance of the application 206 within the device 200 [...]. [...] application "Remote Access v1.01" requires a secret value SVs whose value is "10A6B1C8ED9F9" for confidentiality in the send direction. The [...] with which the device has been registered. Extracting the DID and AID fields [...] retrieve [...]. [...] device retrieves the appropriate secret value(s) by virtue of the DID and AID fields within a received message.

The application identifier 406 permits [...]
For auditing and indexing purposes an application-unique value 412 is assigned to each message transmitted. This application-unique value 412, when combined with the device identifier 416 and the application identifier 406, permits reliable indexing of every message within a system or network. This indexing is related to the message, the device, and the application. The application-unique value 412 can be a simple counter within the application 206 or the Issuer device 200. Alternatively, time and/or date information or a combination of the aforementioned parameters can be used. The range of the application-unique value 412 encompasses the expected working life (i.e. the total expected number of messages sent/received during the lifetime) of the device (e.g. 200) and the application (e.g. 206). A binary value of 32 bits or 10 decimal digits normally suffices for this purpose.

Fig. 5 illustrates a preferred embodiment of the message origination process. The application identifier 406 and the unique application value 412 are combined in a process 500 to create a message unique value 502. The combination process 500 produces a message unique value 502 which is individual to the specific input combination of the application identifier 406 and the unique application value 412. Cryptographic techniques such as symmetric encryption using Cipher Block Chaining (CBC) or another cipher feedback mode, keyed hash functions, or hash functions such as SHA-1 and MD5 fulfil this required functionality. In contrast, exclusive OR (XOR) functions are generally not suitable, since the resulting message unique value 502 will not be unique. If a keyed function such as the symmetric key encryption based one way function is used, using the unique application value 412 as the key value will marginally increase the work factor for some forms of attack.

The message unique value 502 is combined with the secret value 400 in combination process 504 to form a secret message unique value 506. The secret message unique value 506 is substantially unique to the particular message, device and application. It is noted that the secret value 400 is logically associated with the device identifier 416 and application identifier 406.
The combination process 504 can be implemented using the symmetric key encryption based one way function used in the financial industry, [...] should the secret message unique values 506 be compromised in any manner.

Turning to Fig. 6, the secret message unique value 506 is combined with message data 600 in an encoding process 602. This process 602 can be used to provide symmetric key encryption for confidentiality, or to provide a message integrity mechanism such as a Message Authentication Code (MAC) or keyed hash function, or simply a secret one-time value for use with a higher level [...]. More details on MACs can be found in Australian Standard AS2805, the ANSI X9 Standards and similar documents.

The encoding process 602 outputs a secure message block 604 which is unique to the message 600, device 200 and application 206. This encoding process 602 binds the device identifier 416, the application identifier 406, the unique application value 412, and the secret values 400 to the message 600.

Message data or content is formatted according to the needs of the Issuer and device-holder. Message length and/or content can be arbitrarily arranged. Encryption and/or message integrity functions are incorporated together with the message data, as exemplified by a transmission data block 606. The transmission data block 606 takes the form of [...] control data 610, and addressing data 612. The control data 610 consists of the device identifier 416, the application identifier 406, and the unique application value 412. The addressing data 612 consists of a destination address 618, a source address 616 and, optionally, ancillary data 614. The format of the transmission data block 606 is determined by the Issuer 100 (see Fig. 1).
Considering Fig. 6 with reference to Fig. 1, the secure message block 604 is opaque, that is indecipherable, to all network entities apart from the intended recipient e.g. 104.

The format and arrangement of the addressing data 612 is related to network functionality and not directly to the messaging functions of authentication and integrity assurance. Addressing data 612 is thus specific to the purpose, network and processing devices being employed by the Issuer device 200 and device-holder device 202.

This arrangement also allows the same device identifier 408 to be used at multiple network addresses 618, 616. Alternatively, redundant Issuer devices each with a distinct device identifier can be accessed at the same network address.

Fig. 6a depicts a situation where both confidentiality and integrity protection are required. In a first embodiment, two encoding processes 602 and 603 are applied in parallel, process 602 for confidentiality and process 603 for integrity. Two distinct secret values SVs (for confidentiality) and SVi (for integrity) are used to produce two secret message unique values 632 and 630 respectively. These are applied to the corresponding processes 602 and 603 together with message data 600 to produce two secret message blocks 620 and 604 respectively. The transmission data block 622 is then constructed to contain the two secret message blocks 604 and 620. Symmetric key encryption can be used for confidentiality, and a Message Authentication Code (MAC) or keyed hash function can be used for integrity.

In a second embodiment, still having regard to Fig. 6a, if both confidentiality and integrity are required, the first secret value SVs is used to produce the secret message value 632 using process 504 (see Fig. 5). The secret message value 632 is then combined with message data 600 in confidentiality encoding process 602 to produce the secure message block 620 and thereafter, a transmission data block. The second secret value SVi is then used to produce the secret message value 630 using process 504 (see Fig. 5). Thereafter, the secret message value 630 is encoded in integrity encoding process 603 together with the aforementioned transmission data block to produce the secure message block 604. This is then used to form a [...] confidentiality and integrity protection.

Turning to Fig. 6b, in a [...] embodiment where both confidentiality and integrity are required, the message data 600 is combined with the secret message [...] process 602 to form the confidentiality [secure message] block 604. The same secret message [...] is in parallel combined with a MAC variant 1000 in XOR process 1002 to output an integrity secret message value 1008. This secret message value 1008 is then combined with the message data 600 in the integrity encoding process 1004 to form an integrity secure message block 1006. The confidentiality secure message block 604 and the integrity secure message block 1006 are then incorporated into transmission data block 606 [...] in AS2805, ANSI X9, and similar standards.

Where both confidentiality and integrity protection are required, the sequence of processing may be decided according to the needs of the Issuer. Thus [confidentiality] processing may be applied prior to processing related to [integrity] protection, or alternatively, the processing may be performed in the reverse order.

Fig. 7 illustrates another embodiment whereby the secret message unique value 506 [...] the message unique value 502 [...] to produce the secure message block 700 and thereafter to form transmission data block 702. This enables the message recipient to detect whether the [message has been] altered or corrupted during [transmission, without] performing a complete message reception procedure, and allows utilisation of partially intact messages.

Fig. 8 illustrates a preferred embodiment which relates to decoding of the transmission data block 606. [The unique application value 412 and the application] identifier 406 are extracted from the incoming transmission data block 606, and combined in the process 500 to recreate the message unique value 502. The combination process 500 is the identical process used in the message transmission process as described in Fig. 5.
The device identifier 408 and the application identifier 406 are extracted from the transmission data block 606 and used to retrieve the appropriate secret value 400 by means of a secret value retrieval process 802.

The recreated message unique value 502 is combined with the retrieved secret value 400 in the combination process 504, in order to derive the secret message unique value 506. The combination process 504 is identical to the process utilised to combine the message unique value 502 and the secret value 400 in the transmission process described in Fig. 5.

Turning to Fig. 9, the secret message unique value 506 is utilised to decode the secure message block 604 in a decoding process 900, in order to produce the original message data 600. The decoding process 900 is the inverse process to the encoding process 602 (see Fig. 6). Thus if the encoding process 602 implemented symmetric key encryption, i.e. related to confidentiality, then the decoding process 900 decrypts the secure message block 604 using the unique value 506. If the encoding process 602 (see Fig. 6) implemented a message integrity mechanism such as a MAC or keyed hash function, then the decoding process 900 verifies the integrity of the secure message block 604 against message corruption or tampering, using MAC or keyed hash techniques, or both, as applicable.

Where the message unique value 502 is included with message data 600 in forming the secure message block 700 (see Fig. 7), application of the secret message unique value 506 to the secure message block 604, which contains the transmitted message unique value 502, in decoding process 900 allows detection of errors in the transmission data block 606 if it contains errors in the control data 610 (see Fig. 6) and parts of the secure message block 604.

Thus the message recipient device 202 and application (e.g. 208) utilise publicly disclosed items of information transmitted within the transmission data block 606 and one or more shared secret values 400 to uniquely identify the contents of the transmission data block 606.
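The origination and reception processes of Figs. 5, 6a (second embodiment), 8 and 9, written up as an added Python model; this is not code from the patent. SHA-256 for process 500, HMAC for process 504, an HMAC counter keystream in place of symmetric encryption, the length-prefixed field encoding and the issuer record values are all assumptions, and the rejection of a repeated (DID, AID, UAV) index goes beyond the text by using the message indexing the page describes.

```python
import hashlib
import hmac
import struct

# Constructed issuer record set in the style of Table 1, keyed by (DID, AID) as the
# secret value retrieval process 802 requires; the secret values are made-up bytes.
ISSUER_RECORDS = {
    ("123654", "remote access v1.01"): {
        "SVs": b"constructed-SVs-123654-ra-1.01",  # confidentiality (send direction)
        "SVi": b"constructed-SVi-123654-ra-1.01",  # integrity
    },
}


def _fields(*parts: bytes) -> bytes:
    """Length-prefix each field so that concatenated fields cannot be re-split."""
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)


def message_unique_value(aid: str, uav: int) -> bytes:
    """Process 500: message unique value 502 from the application identifier 406
    and the unique application value 412 (a 32-bit counter). A hash (SHA-256
    assumed) is used rather than XOR, so distinct (AID, UAV) pairs do not collide."""
    return hashlib.sha256(_fields(aid.encode(), struct.pack(">I", uav))).digest()


def secret_message_unique_value(muv: bytes, sv: bytes) -> bytes:
    """Process 504: keyed one-way combination of MUV 502 with a secret value 400.
    HMAC stands in for the encryption-based one-way function, so the secret value
    cannot be deduced from a disclosed secret message unique value 506."""
    return hmac.new(sv, muv, hashlib.sha256).digest()


def keystream_xor(smuv: bytes, data: bytes) -> bytes:
    """Confidentiality process 602, with an HMAC counter keystream standing in for
    a block cipher. XOR is an involution, so the same call also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(smuv, struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _integrity_input(dst, src, did, aid, uav, block620):
    """Bytes covered by integrity process 603: addressing data 612, control data
    610 (DID, AID, UAV) and the confidentiality block 620, i.e. the transmission
    data block of the second embodiment of Fig. 6a (encrypt, then MAC)."""
    return _fields(dst.encode(), src.encode(), did.encode(), aid.encode(),
                   struct.pack(">I", uav), block620)


def encode_transmission_block(dst, src, did, aid, uav, message, svs, svi):
    """Originator side: Fig. 5 followed by Fig. 6a (second embodiment)."""
    muv = message_unique_value(aid, uav)
    smuv_632 = secret_message_unique_value(muv, svs)
    block620 = keystream_xor(smuv_632, message)
    smuv_630 = secret_message_unique_value(muv, svi)
    block604 = hmac.new(smuv_630, _integrity_input(dst, src, did, aid, uav, block620),
                        hashlib.sha256).digest()
    # Transmission data block 622: addressing data, control data and both blocks.
    return {"dst": dst, "src": src, "DID": did, "AID": aid, "UAV": uav,
            "block620": block620, "block604": block604}


class Recipient:
    """Recipient side: Figs. 8 and 9. Rejecting a repeated (DID, AID, UAV) index
    goes beyond the text; it uses the indexing the page describes to drop the
    duplicates that best-effort networks can deliver."""

    def __init__(self, records):
        self.records = records
        self.seen = set()

    def decode_transmission_block(self, tdb):
        did, aid, uav = tdb["DID"], tdb["AID"], tdb["UAV"]
        sv = self.records.get((did, aid))               # process 802
        if sv is None:
            raise ValueError("unknown device or application")
        muv = message_unique_value(aid, uav)            # process 500, recreated
        expected = hmac.new(secret_message_unique_value(muv, sv["SVi"]),
                            _integrity_input(tdb["dst"], tdb["src"], did, aid, uav,
                                             tdb["block620"]), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tdb["block604"]):  # process 900, integrity
            raise ValueError("integrity check failed")  # corrupted, altered or forged
        if (did, aid, uav) in self.seen:
            raise ValueError("duplicate message")
        self.seen.add((did, aid, uav))
        # Process 900, confidentiality: decrypt block 620 with value 632.
        return keystream_xor(secret_message_unique_value(muv, sv["SVs"]), tdb["block620"])
```

Altering any control data field in transit (the UAV, say) changes the recreated value 502, so the integrity check in process 900 fails before decryption is attempted.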
Any other receiving entity with access to the network 108 and having authorised access to appropriate secret values 400 or secret message unique value 506 can also identify an incoming transmission data block 606, and the incorporated destination device and/or application, for purposes of metering, charging, quality control or law enforcement. Where only the secret message unique value 506 has been provided for these purposes, prior and subsequent messages which use the secret value 400 are not compromised.

The foregoing describes only some embodiments of the present invention, and modifications obvious to those skilled in the art can be made thereto without departing from the scope of the invention.
ASPECTS OF THE INVENTION

The following numbered paragraphs set forth aspects of the invention:

1. A method for encoding and transmitting by an originating device of a secure message, the method comprising the steps of:

(a) generating, by a first process using an application identifier and an application value, a message value;

(b) combining the message value with one or more first secret values, said secret values being known substantially only to the originating device and one or more intended recipient devices of the message, to establish a secret message value;

(c) applying the secret message value and the message to an encoding process to form a secure message block; and

(d) combining an address with a device identifier, the application identifier, the application value and the secure message block, to form a secure message for transmission which is decodable by the one or more of said intended recipient devices, which thereby recover the message, the address, the device identifier, the application identifier and the application value.

2. The method according to paragraph 1 whereby an association of the device identifier, the application identifier, and the application value substantially uniquely identifies the originating device and a purpose of the message and/or the application, and an identifier for the message, such message identification being bound with the message content by virtue of the encoding process.

3. The method according to paragraph 1 whereby the encoding process in step (c) comprises either:

(e) a symmetric encryption process, or

(f) an integrity process using keyed hash or symmetric encryption techniques, or
(g) a process including both symmetric encryption and keyed integrity, or

(h) including the secret message value in a higher level messaging protocol.

4. A method for reception of a securely transmitted message by a recipient device, the method comprising the steps of:

(i) extracting an application identifier and application value from a received secure message;

(j) generating, by a first process using the application identifier and application value, a message value;

(k) extracting a device identifier from the secure message, whereby one or more secret values known substantially only to an originating device and the one or more intended recipient devices of the message are generated according to a second process using the device identifier and the application identifier;

(l) combining the message value with the one or more secret values, to establish a secret message value;

(m) extracting a secure message block from the secure message; and

(n) applying the secret message value and the secure message block to a decoding process to form the securely transmitted message, this message having been securely transmitted by the originating device.

DATED this FOURTH DECEMBER 1998

Attorneys for the Applicant/Nominated Person
SPRUSON & FERGUSON
Fig. 1

Fig. 3